Lucene search
AnonymousNODEJS:1615HistoryFeb 22, 2021 - 9:59 p.m.
IPC messages delivered to the wrong frame
2021-02-2221:59:51
Anonymous
www.npmjs.com
48
ipc messages
wrong frame
renderer process
remote module
webcontents.sendtoframe
event.reply
upgrade
github advisory
cve
software
EPSS
0.001
Percentile
42.0%
Overview
IPC messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame.
If your app does ANY of the following, then it is impacted by this issue:
- Uses
remote - Calls
webContents.sendToFrame - Calls
event.replyin an IPC message handler
Recommendation
Upgrade to a fixed version or later: 9.4.0, 10.2.0, 11.1.0, or 12.0.0-beta.9
References
Related
nvd
nvd
CVE-2020-26272
2021-01-28 19:15:13
cvelist
cvelist
CVE-2020-26272 IPC messages misrouted in Electron
2021-01-28 18:25:17
prion
prion
Design/Logic Flaw
2021-01-28 19:15:00
veracode
veracode
Information Disclosure
2021-01-29 03:14:58
cve
cve
CVE-2020-26272
2021-01-28 19:15:13
github
github
IPC messages delivered to the wrong frame in Electron
2021-01-28 19:11:34
osv
osv
CVE-2020-26272
2021-01-28 19:15:13
IPC messages delivered to the wrong frame in Electron
2021-01-28 19:11:34